{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"78.4.0-lp152.2.13.1","MozillaThunderbird-translations-common":"78.4.0-lp152.2.13.1","MozillaThunderbird-translations-other":"78.4.0-lp152.2.13.1","mozilla-nspr":"4.25.1-lp152.2.3.1","mozilla-nspr-32bit":"4.25.1-lp152.2.3.1","mozilla-nspr-devel":"4.25.1-lp152.2.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.2","name":"MozillaThunderbird","purl":"pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"78.4.0-lp152.2.13.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"78.4.0-lp152.2.13.1","MozillaThunderbird-translations-common":"78.4.0-lp152.2.13.1","MozillaThunderbird-translations-other":"78.4.0-lp152.2.13.1","mozilla-nspr":"4.25.1-lp152.2.3.1","mozilla-nspr-32bit":"4.25.1-lp152.2.3.1","mozilla-nspr-devel":"4.25.1-lp152.2.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.2","name":"mozilla-nspr","purl":"pkg:rpm/opensuse/mozilla-nspr&distro=openSUSE%20Leap%2015.2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.25.1-lp152.2.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaThunderbird and mozilla-nspr fixes the following issues:\n\n- Mozilla Thunderbird 78.4\n  * new: MailExtensions: browser.tabs.sendMessage API added\n  * new: MailExtensions: messageDisplayScripts API added\n  * changed: Yahoo and AOL mail users using password authentication will be migrated to OAuth2\n  * changed: MailExtensions: messageDisplay APIs extended to support multiple selected messages\n  * changed: MailExtensions: compose.begin functions now support creating a message with attachments\n  * fixed: Thunderbird could freeze when updating global search index\n  * fixed: Multiple issues with handling of self-signed SSL certificates addressed\n  * fixed: Recipient address fields in compose window could expand to fill all available space\n  * fixed: Inserting emoji characters in message compose window caused unexpected behavior\n  * fixed: Button to restore default folder icon color was not keyboard accessible\n  * fixed: Various keyboard navigation fixes\n  * fixed: Various color-related theme fixes\n  * fixed: MailExtensions: Updating attachments with onBeforeSend.addListener() did not work\n  MFSA 2020-47 (bsc#1177977)\n  * CVE-2020-15969 Use-after-free in usersctp\n  * CVE-2020-15683 Memory safety bugs fixed in Thunderbird 78.4\n- Mozilla Thunderbird 78.3.3\n  * OpenPGP: Improved support for encrypting with subkeys\n  * OpenPGP message status icons were not visible in message header pane\n  * Creating a new calendar event did not require an event title\n- Mozilla Thunderbird 78.3.2 (bsc#1176899)\n  * OpenPGP: Improved support for encrypting with subkeys\n  * OpenPGP: Encrypted messages with international characters were sometimes displayed incorrectly\n  * Single-click deletion of recipient pills with middle mouse button restored\n  * Searching an address book list did not display results\n  * Dark mode, high contrast, and Windows theming fixes\n- Mozilla Thunderbird 78.3.1\n  * fix crash in nsImapProtocol::CreateNewLineFromSocket\n- Mozilla Thunderbird 78.3.0\n  MFSA 2020-44 (bsc#1176756)\n  * CVE-2020-15677 Download origin spoofing via redirect\n  * CVE-2020-15676 XSS when pasting attacker-controlled data into a contenteditable element\n  * CVE-2020-15678 When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario\n  * CVE-2020-15673 Memory safety bugs fixed in Thunderbird 78.3\n\n- update mozilla-nspr to version 4.25.1\n  * The macOS platform code for shared library loading was\n    changed to support macOS 11.\n  * Dependency needed for the MozillaThunderbird update\n\nThis update was imported from the SUSE:SLE-15:Update update project.","id":"openSUSE-SU-2020:1780-1","modified":"2020-10-30T20:35:46Z","published":"2020-10-30T20:35:46Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HNDBN7MZZMEI27CRDAIIISBFFMEHIVVF/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1174230"},{"type":"REPORT","url":"https://bugzilla.suse.com/1176384"},{"type":"REPORT","url":"https://bugzilla.suse.com/1176756"},{"type":"REPORT","url":"https://bugzilla.suse.com/1176899"},{"type":"REPORT","url":"https://bugzilla.suse.com/1177977"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15673"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15676"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15677"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15678"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15683"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15969"}],"related":["CVE-2020-15673","CVE-2020-15676","CVE-2020-15677","CVE-2020-15678","CVE-2020-15683","CVE-2020-15969"],"summary":"Security update for MozillaThunderbird and mozilla-nspr","upstream":["CVE-2020-15673","CVE-2020-15676","CVE-2020-15677","CVE-2020-15678","CVE-2020-15683","CVE-2020-15969"]}